Impact - Policy updates will impact Azure App Service managed certificates as of 28 July 2025
Hi,
We have several Web Apps (app services) that use custom domain names and Managed Certificates for these. We've gotten the notification from Azure as below regarding the new SSL approach. We are having a difficult time understanding if we will be impacted. Based on the bullet point list of who will be impacted it seems that we are affected because we do use IP rules restrictions for access. But for some of these apps the certificate appears to be already rotated successfully after the announced date of 14.08.2025.
Can you help clarify?
App service with custom domain and IP Restrictions certificate validity image attached:
Full MS announcement:
*Policy updates will impact Azure App Service managed certificates as of 28 July 2025*
This is a reminder related to DigiCert's migration to a new validation platform.
You're receiving this notification because you're associated with one or more Azure subscriptions that use Azure App Service managed certificates.
This change has already been fully rolled out as of 14 August 2025. To avoid service disruptions, take the necessary actions as soon as possible. If you've already addressed the requirements or they don't apply to your scenario, no further action is needed.
As part of an upcoming industry-wide change, DigiCert, the Certificate Authority (CA) of Azure App Service managed certificates, will be required to migrate to a new validation platform to meet multi-perspective issuance corroboration (MPIC) requirements.
While the majority of certificates won't be impacted, you'll no longer be able to create or renew certificates if:
- Your app is only accessible privately via IP restrictions, private endpoints, or any other method that restricts public access. Public accessibility will be required.
- Your app uses nested or external endpoints. Only Azure endpoints using Azure Traffic Manager will be supported.
- Your app relies on *.trafficmanager.net domains. Traffic Manager domain certificates will no longer be supported.
If any of the scenarios above apply to you, you'll need to update your secure sockets layer (SSL) certificate management approach before your current certificate expires.
If none of the above apply, no further action is required.
Required action
To avoid service disruptions, update your SSL certificate management approach before your current certificate expires. Review the following scenarios to determine which action you need to take:
- If your app is only accessible privately, acquire your own SSL certificate and add it to your site. You can view a sample of certificates that may be impacted here. For more information, please see our documentation.
Important: if you have allow-listed DigiCert IP addresses (as described in their documentation), please update your list immediately. DigiCert has recently changed its IP addresses, and failing to update may cause service disruptions.
- If your app is using nested endpoints or external endpoints with Traffic Manager, transition to Azure endpoints or acquire your own SSL certificate and add it to your site. To identify your impacted resources, please see our documentation.
- If your app relies on "*.trafficmanager.net" domains, migrate to a custom domain and acquire an SSL certificate and add it to your site. You can view your impacted resources here.
For more details on how you may be impacted by this change, read our documentation.
Help and support
If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, please submit a support request.
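The three conditions in the announcement can be checked against an app inventory. The following is an added example, not code from Microsoft or from the original post: it flags apps for review rather than predicting whether a renewal will succeed. The inventory shape and the field names `managedCertHostnames` and `trafficManagerEndpointType` are assumptions made for illustration; `ipSecurityRestrictions` and `publicNetworkAccess` follow the App Service site configuration properties.

```python
"""Flag apps that match the announcement's three conditions (constructed data)."""

# Source values that mean "open to everyone" in an access-restriction rule.
OPEN_SOURCES = {"any", "0.0.0.0/0"}


def restricts_public_access(app):
    """True if public network access is disabled or any rule is not allow-all."""
    if app.get("publicNetworkAccess", "Enabled").lower() == "disabled":
        return True
    for rule in app.get("ipSecurityRestrictions", []):
        allow_all = (rule.get("action", "").lower() == "allow"
                     and rule.get("ipAddress", "").lower() in OPEN_SOURCES)
        if not allow_all:
            return True
    return False


def review_reasons(app):
    """Return the announcement conditions this app matches (empty list if none)."""
    reasons = []
    if restricts_public_access(app):
        reasons.append("public access restricted")
    # Assumed field: "azure", "nested" or "external"; None if no Traffic Manager.
    if app.get("trafficManagerEndpointType") in ("nested", "external"):
        reasons.append("nested or external Traffic Manager endpoint")
    hosts = app.get("managedCertHostnames", [])
    if any(h.lower().rstrip(".").endswith(".trafficmanager.net") for h in hosts):
        reasons.append("managed certificate on *.trafficmanager.net")
    return reasons


def triage(inventory):
    return {app["name"]: review_reasons(app) for app in inventory}


# Constructed sample inventory, not real resources.
INVENTORY = [
    {"name": "shop-public", "managedCertHostnames": ["shop.example.com"],
     "ipSecurityRestrictions": [{"ipAddress": "Any", "action": "Allow"}]},
    {"name": "intranet", "managedCertHostnames": ["intranet.example.com"],
     "ipSecurityRestrictions": [{"ipAddress": "203.0.113.0/24", "action": "Allow"}]},
    {"name": "api-tm", "managedCertHostnames": ["api-tm.trafficmanager.net"],
     "trafficManagerEndpointType": "external"},
    {"name": "backoffice", "managedCertHostnames": ["bo.example.com"],
     "publicNetworkAccess": "Disabled"},
]

if __name__ == "__main__":
    for name, reasons in triage(INVENTORY).items():
        print(name, "->", "; ".join(reasons) or "no condition matched")
```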